mvc4 利用filters特性来 实现自己的权限验证 之一

mvc4 利用特性类过滤，实现自己的权限验证 参考Authorize与AllowAnonymous原理

1.新建一个特性过滤类AdminLogin继承ActionFilterAttribute。重写OnActionExecuting,在执行action前执行。新建一个特性类AdminAuthorize继承FilterAttribute。

代码：Filters/AdminLogin.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Mvc;
using System.Web.Profile;
using System.Web.Routing;
using System.Web.Security;
namespace MvcApp.Filters
{
    public class AdminLogin : ActionFilterAttribute
    {

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {

            bool isNeedLogin = filterContext.ActionDescriptor.IsDefined(typeof(AdminAuthorize), inherit: false);

            if (isNeedLogin)
            {
                var cookie = System.Web.HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                var a = filterContext.ActionDescriptor.GetCustomAttributes(typeof(AdminAuthorize), inherit: false)[0] as AdminAuthorize;

                if (cookie != null && FormsAuthentication.Decrypt(cookie.Value).UserData == a.Role)
                {
                    //验证通过
                }
                else
                {
                    string returnUrl = HttpContext.Current.Request.Url.PathAndQuery;
                    var url = FormsAuthentication.LoginUrl + "?returnUrl=" + HttpUtility.UrlEncode(returnUrl);
                    //HttpContext.Current.Response.Redirect(url, true);//进入action
                    //filterContext.HttpContext.Response.Redirect(url);//进入action
                    /*filterContext.Result = new RedirectToRouteResult( //不进入action
                    new RouteValueDictionary
                    {
                        { "action", "Login" },
                        { "controller", "Admin" },
                        {"returnUrl", returnUrl}
                    });*/
                    filterContext.Result = new RedirectResult(url);//不进入action，转到登录页面。

                }

            }
        }

    }
    public class AdminAuthorize : FilterAttribute
    {
        private string role = "";
        public string Role
        {
            get { return role; }
            set { role = value; }
        }

        public AdminAuthorize()
        {

        }
    }
}

2.在App_Start/FilterConfig.cs中注册这个filter类。添加代码：

filters.Add(new Filters.AdminLogin());

3.在action前添加特性[AdminAuthorize(Role = "Admin")]

4.配置web.config

<authentication mode="Forms">
<forms name=".AuthAdmin" loginUrl="~/Admin/Login" timeout="30" protection="All" path="/Admin" defaultUrl="/Admin/Main" />
</authentication>

5.在登录action,Login注册船票ticket

FormsAuthenticationTicket MyTicket = new FormsAuthenticationTicket
(
1,
admin.UserName+"," + admin.NickName,
DateTime.Now,
DateTime.Now.AddMinutes(300),
true,
"Admin",
FormsAuthentication.FormsCookiePath
);

//添加 Cookies
string myHash = FormsAuthentication.Encrypt(MyTicket);
HttpCookie myCookie = new HttpCookie(FormsAuthentication.FormsCookieName, myHash);
Response.Cookies.Add(myCookie);